Popular Hotspot Finder App Exposed Millions Of WiFi Passwords

If you’re on the go and you’d prefer connecting to a WiFi network instead of relying on cellular connection, there are apps out there that help you locate a WiFi hotspot. In fact, some of them are particularly popular, but unfortunately, a report from TechCrunch has revealed that one particularly popular hotspot finder app has exposed millions of WiFi passwords.

Advertising

This is according to Sanyam Jain, a security researcher and a member of the GDI Foundation, who had initially discovered the database containing the passwords of the WiFi networks. TechCrunch claims to have attempted to reach out to the developer of the app, but got no response of them. Instead, they reached out to the host of the database who then took it down.

While the premise of the app seemed useful, where it allowed users to upload WiFi network passwords to its database so others could use it (more reason why you shouldn’t use public WiFi networks, or networks you’re unfamiliar with), its execution seemed flawed. This is because information about the network, its geolocation, and passwords were all stored in plaintext.

This means that hackers with access to that kind of information will not have trouble modifying router settings, including changing the router’s DNS and also read unencrypted traffic.